gitlab、gerrit安装与集成
一、Gitlab-15.10.3
1、安装包、依赖包
gitlab-ce-15.10.3-ce.0.el7.x86_64.rpm
2、安装
rpm -ivh gitlab-ce-15.10.3-ce.0.el7.x86_64.rpm
3、配置
vim /etc/gitlab/gitlab.rb
# 1. 修改 extermal_url
- ip为本机的ip,注意确认端口port没有被占用 例如'http://192.168.71.39:8070'
# 2. 修改备份保存目录 gitlab_rails['backup_path']
- 解开注释 #gitlab_rails['backup_path']
- 修改路径
4、生效配置并重启gitlab
gitlab-ctl reconfigure
gitlab-ctl restart
5、查看root初始密码
cat /etc/gitlab/initial_root_password
6、设置定时备份
# 在 /etc/crontab 中添加任务
30 0 * * * root cd /opt/gitlab/bin/ && gitlab-rake gitlab:backup:create
7、Web登录
二、Gerrit-3.8.0下载安装
安装、依赖包结构说明
|---- dependency-pkg/
| |------- git-2.40.0.tar.gz
| |------- httpd-tools-2.4.6.tar.gz
| |------- jdk-17_linux-x64_bin.tar.gz
| |------- nginx-1.20.1.tar.gz
|
|---- pkg/
| |---- gerrit-3.8.0.war
1、JDK-17安装
(1)安装包
jdk-17_linux-x64_bin.tar.gz
(2)安装配置
# 1. 解压
tar -zxvf jdk-17_linux-x64_bin.tar.gz
# 2. 设置环境变量- vim /etc/profile.d/custom.sh
export JDK_HOME=/data/jdk-17.0.4.1
export PATH=$JDK_HOME/bin:$PATH
# 3. 测试java
java -version
2、gerrit-3.8.0安装
# 1. gerrit 安装
$ java -jar gerrit-3.8.0.war init -d /data/gerrit/gerrit-site # -d 指定gerrit的根目录
Using secure store: com.google.gerrit.server.securestore.DefaultSecureStore
[2023-05-30 09:13:51,904] [main] INFO com.google.gerrit.server.config.GerritServerConfigProvider : No /data/gerrit/gerrit-site/etc/gerrit.config; assuming defaults
*** Gerrit Code Review 3.8.0
***
Create '/data/gerrit/gerrit-site' [Y/n]?
*** Git Repositories
***
Location of Git repositories [git]: # 可以指定git仓库保存路径,默认是 /data/gerrit/gerrit-site/git
*** JGit Configuration
***
*** Index
***
Type [lucene]:
*** User Authentication
***
Authentication method [openid/?]: HTTP # 使用HTTP方式认证用户
Get username from custom HTTP header [y/N]?
SSO logout URL :
Enable signed push support [y/N]?
*** Review Labels
***
Install Verified label [y/N]?
*** Email Delivery
***
SMTP server hostname [localhost]:
SMTP server port [(default)]:
SMTP encryption [none/?]:
SMTP username :
*** Container Process
***
Run as [root]:
Java runtime [/data/jdk-17.0.4.1]:
Copy gerrit-3.8.0.war to /data/gerrit/gerrit-site/bin/gerrit.war [Y/n]?
Copying gerrit-3.8.0.war to /data/gerrit/gerrit-site/bin/gerrit.war
*** SSH Daemon
***
Listen on address [*]:
Listen on port [29418]:
Generating SSH host key ... rsa... ed25519... ecdsa 256... ecdsa 384... ecdsa 521... done
*** HTTP Daemon
***
Behind reverse proxy [y/N]?
Use SSL (https://) [y/N]?
Listen on address [*]: 192.168.71.29
Listen on port [8080]: 8083 # 设置端口
Canonical URL [http://192.168.71.29:8083/]:
*** Cache
***
*** Plugins
***
Installing plugins. # 这里是安jar包中自带的插件,下面一定要选择y,默认是不安装插件的
Install plugin codemirror-editor version v3.8.0 [y/N]? y
Installed codemirror-editor v3.8.0
Install plugin commit-message-length-validator version v3.8.0 [y/N]? y
Installed commit-message-length-validator v3.8.0
Install plugin delete-project version v3.8.0 [y/N]? y
Installed delete-project v3.8.0
Install plugin download-commands version v3.8.0 [y/N]? y
Installed download-commands v3.8.0
Install plugin gitiles version v3.8.0 [y/N]? y
Installed gitiles v3.8.0
Install plugin hooks version v3.8.0 [y/N]? y
Installed hooks v3.8.0
Install plugin plugin-manager version v3.8.0 [y/N]? y
Installed plugin-manager v3.8.0
Install plugin replication version v3.8.0 [y/N]? y
Installed replication v3.8.0
Install plugin reviewnotes version v3.8.0 [y/N]? y
Installed reviewnotes v3.8.0
Install plugin singleusergroup version v3.8.0 [y/N]? y
Installed singleusergroup v3.8.0
Install plugin webhooks version v3.8.0 [y/N]? y
Installed webhooks v3.8.0
Initializing plugins.
============================================================================
Welcome to the Gerrit community
Find more information on the homepage: https://www.gerritcodereview.com
Discuss Gerrit on the mailing list: https://groups.google.com/g/repo-discuss
============================================================================
Initialized /data/gerrit/gerrit-site
Init complete, reindexing accounts,changes,groups,projects with: reindex --site-path /data/gerrit/gerrit-site --threads 1 --index accounts --index changes --index groups --index projectsReindexed 0 documents in accounts index in 0.0s (0.0/s)
Index accounts in version 12 is ready
Reindexing groups: 100% (2/2)
Reindexed 2 documents in groups index in 0.2s (8.9/s)
Index groups in version 9 is ready
Reindexing changes: Slicing projects: 100% (2/2), done
Reindexed 0 documents in changes index in 0.0s (0.0/s)
Index changes in version 82 is ready
Reindexing projects: 100% (2/2)
Reindexed 2 documents in projects index in 0.0s (117.6/s)
Index projects in version 5 is ready
Executing /data/gerrit/gerrit-site/bin/gerrit.sh start
Starting Gerrit Code Review: OK
Waiting for server on 192.168.71.29:8083 ... OK
Please open the following URL in the browser: http://192.168.71.29:8083/#/admin/projects/
# 2. 启动gerrit
# 如果1.中没有启动gerrit,那么手动启动gerrit
$ cd /data/gerrit/gerrit-site/bin
$ ./gerrit.sh start
#3. 查看状态
[root@localhost bin]# netstat -ltpn |grep -i gerrit
tcp6 0 0 192.168.71.29:8083 :::* LISTEN 3762/GerritCodeRevi
tcp6 0 0 :::29418 :::* LISTEN 3762/GerritCodeRevi
[root@localhost bin]#
[root@localhost bin]# ps -au |grep -i gerrit
root 3762 2.4 3.8 4820232 306136 pts/0 Sl 09:20 0:13 GerritCodeReview -Dflogger.backend_factory=com.google.common.flogger.backend.log4j.Log4jBackendFactory#getInstance -Dflogger.logging_context=com.google.gerrit.server.logging.LoggingContext#getInstance -jar /data/gerrit/gerrit-site/bin/gerrit.war daemon -d /data/gerrit/gerrit-site --run-id=1685409602.3690
root 4128 0.0 0.0 112812 1004 pts/0 S+ 09:29 0:00 grep --color=auto -i gerrit
3、nginx-1.20.1安装
1)安装nginx
tar -zxvf nginx-1.20.1.tar.gz
cd nginx-1.20.1/
rpm -Uvh *.rpm --force --nodeps
2)配置nginx
(1)新增 /etc/nginx/conf.d/gerrit.conf
server {
listen *:9999; # 监听端口
server_name 192.168.71.29; # 修改为主机的ip
allow all;
deny all;
auth_basic "Welcom to Gerrit Code Review Site!";
auth_basic_user_file /data/gerrit/gerrit_users/gerrit.password; # 确定一个文件,用来保存http认证用户,在下面的创建用户中使用到
location / {
proxy_pass http://192.168.71.29:8083; # 转发目标端口,修改为主机的ip 和gerrit中设置的port
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $host;
}
location = /favicon.ico {
log_not_found off;
access_log off;
}
}
(2)修改默认的配置文件
# 1. 打开/etc/nginx/nginx.conf, 修改 user 为 root
4、创建gerrit用户
# 1. 安装httpd工具
tar -zxvf httpd-tools-2.4.6.tar.gz
rpm -Uvh httpd-tools-2.4.6/*.rpm --force --nodeps
# 2. 创建gerrit用户
# (1)创建第一个用户
[root@localhost gerrit]# htpasswd -c /data/gerrit/gerrit_users/gerrit.password admin
New password:
Re-type new password:
Adding password for user admin
# (2)添加用户
[root@localhost gerrit]# htpasswd -m /data/gerrit/gerrit_users/gerrit.password testuser
New password:
Re-type new password:
Adding password for user testuser
[root@localhost gerrit]# cat /data/gerrit/gerrit_users/gerrit.password
admin:$apr1$ImMEpcGR$JU/s0FYbYPsJuvpEKcMNa0
testuser:$apr1$ZiROdkZQ$qzcJjSBZwfaIkx7zj6zxC.
5、确认配置
1)确认gerrit配置
- Gerrit Server监听 8083端口
- 认证方式为 HTTP
# vim gerrit_install_dir/etc/gerrit.config
[gerrit]
basePath = git
canonicalWebUrl = http://192.168.71.29:8083/
serverId = 1269ab01-7bc7-4c47-abf2-ee2fb65c7937
[container]
javaOptions = "-Dflogger.backend_factory=com.google.common.flogger.backend.log4j.Log4jBackendFactory#getInstance"
javaOptions = "-Dflogger.logging_context=com.google.gerrit.server.logging.LoggingContext#getInstance"
user = root
javaHome = /data/jdk-17.0.4.1
[index]
type = lucene
[auth]
type = HTTP
[receive]
enableSignedPush = false
[sendemail]
smtpServer = localhost
[sshd]
listenAddress = *:29418
[httpd]
listenUrl = http://192.168.71.29:8083/
[cache]
directory = cache
2)确认nginx配置
- auth_basic_user_file 认证用户文件
- server_name
- proxy_pass
# vim /etc/nginx/conf.d/gerrit.conf
server {
listen *:9999;
server_name 192.168.71.29;
allow all;
deny all;
auth_basic "Welcom to Gerrit Code Review Site!";
auth_basic_user_file /data/gerrit/gerrit_users/gerrit.password;
location / {
proxy_pass http://192.168.71.29:8083;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $host;
}
location = /favicon.ico {
log_not_found off;
access_log off;
}
}
6、启动nginx
# 1. 启动nginx
systemctl restart nginx.service
# 如果报错可能是监听端口被占用,需要修改为其它端口
7、关闭防火墙和selinux
- 一定要关闭,否则web中会访问失败
# 1. 关闭firewall
systemctl stop firewalld.service
systemctl disable firewalld.service
# 2. 关闭selinux
# a. 永久关闭selinux,将SELINUX修改为disabled
vim /etc/sysconfig/selinux
# b. 永久修改方式不会立刻生效,当前环境下也修改
setenforce 0
8、浏览器访问
三、gerrit集成gitlab
1、(忽略,默认自带)下载gerrit插件——replication
插件源:https://gerrit-ci.gerritforge.com
2、(忽略,默认自带)安装插件
-
将下载的jar文件,上传到
<gerrit_intsall_dir>/plugins目录下 -
重启gerrit服务器,会自动加载插件:
sh <gerrit_intsall_dir>/bin/gerrit.sh restart -
查看插件是否加载
3、配置gerrit访问gitlab
-
gerrit主机ip:192.168.70.39
-
将gerrit主机的公钥添加到gitlab中的ssh key
# 1. 如果没有生成ssh key,通过以下命令生成
[root@gerrit ~]# ssh-keygen -t rsa -b 2048 -C "<key_commit>"
# 2. 将 ~/.ssh/中的公钥(.pub)复制粘贴到gitlab的ssh key中
[root@gerrit ~]# cat .ssh/id_rsa.pub
4、配置gitlab访问gerrit
1)配置免密登录
-
gitlab主机:192.168.71.39
-
将gitlab主机的公钥添加到gerrit主机中
# 1. 将gitlab机器的公钥添加到gerrit机器的authorized_keys文件中,实现免密登录
# 通过 ssh-copy-id 实现
[root@gitlab ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@192.168.70.39
或
# 手动将gitlab机器的公钥复制粘贴过去
# 2. 将gerrit机器的公钥添加到gitlab机器的authorized_keys文件中
[root@gerrit ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@192.168.71.39
2)配置用户同步Gitlab的配置文件
- 需要在该配置文件中指定gitlab服务器相关信息,否则将会同步失败
# 在gerrit机器上配置
[root@gerrit ~]$ cd /data/gerrit/gerrit-site/etc
[root@gerrit etc]$ pwd
/data/gerrit/gerrit-site/etc
[root@gerrit etc]$ mkdir .ssh
[root@gerrit etc]$ vim .ssh/config
[root@gerrit etc]$ cat .ssh/config
Host 192.168.71.39 # 这个IP是gitlab服务器的ip
IdentityFile ~/.ssh/id_rsa
PreferredAuthentications publickey
5、更新gerrit配置文件
# 1. 在gerrit.conf中添加以下内容:
# vim /data/gerrit/gerrit-site/etc/gerrit.config
[plugins]
allowRemoteAdmin = true
# 2. 重启gerrit
sh /data/gerrit/gerrit-site/bin/gerrit.sh restart
6、测试
1)创建一个gitlab的项目
2)gerrit创建一个空项目
3)拉取新版本
[root@localhost ~]# cd /data/gerrit/gerrit-site/git/
[root@localhost git]# ls
All-Projects.git All-Users.git testrepo.git
[root@localhost git]# rm -rf testrepo.git
[root@localhost git]# git clone --bare git@192.168.71.39:gitlab-instance-8ffe87d4/testrepo.git # 从gitlab上拉取
[root@localhost git]# cat testrepo.git/config
[core]
repositoryformatversion = 0
filemode = true
bare = true
[remote "origin"]
url = git@192.168.71.39:gitlab-instance-8ffe87d4/testrepo.git
7、配置Grerrit与GitLab的同步
1)插件安装——安装gerrit时已安装该插件
如果想要将Gerrit上的改动自动同步到GitLab上,就需要用到Gerrit的Replication插件。
Replication 插件可以同时对接已有的 Git 仓库系统,通常用于提供 changes 的镜像或者热备份,自动地将 Gerrit Code Review创建的任何改动 push 到另外一个系统里。
# 查看插件状态,安装并且有已启用
[root@localhost ~]# ssh -p 29418 admin@192.168.70.39 gerrit plugin ls |grep replication
replication v3.8.0 3.8.0 ENABLED replication.jar
2)配置replication配置文件
<gerrit_install_dir>/etc目录下手动创建replication.config文件用于代码同步。
特别注意:以后每创建一个新的项目,都要在该配置文件中添加对应的配置。
[root@localhost etc]# pwd
/data/gerrit/gerrit-site/etc
[root@localhost etc]# vim replication.config
[root@localhost etc]# cat replication.config #该文件需要手动创建
[remote "testrepo"] # remote后面是项目名称
projects = testrepo # projects也是项目名称
url = git@192.168.71.39:gitlab-instance-8ffe87d4/testrepo.git # gitlab上clone使用的url,使用ssh
push = +refs/heads/*:refs/heads/*
push = +refs/tags/*:refs/tags/*
push = +refs/changes/*:refs/changes/*
threads = 3
3)重载插件
ssh -p 29418 admin@192.168.70.39 gerrit plugin reload replication
8、测试自动更新gitlab
- 使用一台客户端机器测试
- 客户端的ssh公钥
- 客户端git版本不能太低,需要2.x
1)添加客户端ssh-key公钥
[fhu@localhost 09:01 ~]$ cat ~/.ssh/id_rsa.pub
ssh-rsa AAAAB3NzaC1xxxxyyyyttttzzzzcvcrdfddd abcd
# 将该公钥添加到gerrit的ssh-key中
2)拉取gerrit项目
[fhu@localhost 09:09 ~/Downloads]$ git clone "ssh://admin@192.168.70.39:29418/testrepo" && (cd "testrepo" && mkdir -p `git rev-parse --git-dir`/hooks/ && curl -Lo `git rev-parse --git-dir`/hooks/commit-msg http://192.168.70.39:8083/tools/hooks/commit-msg && chmod +x `git rev-parse --git-dir`/hooks/commit-msg)
3)修改、提交
(1)无需审核直接同步到gitlab
21 [fhu@localhost 09:19 ~/Downloads/testrepo]$ ls
README.md
22 [fhu@localhost 09:19 ~/Downloads/testrepo]$ echo "11111" > aaa.txt
23 [fhu@localhost 09:19 ~/Downloads/testrepo]$ ls
aaa.txt README.md
24 [fhu@localhost 09:19 ~/Downloads/testrepo]$ git add .
25 [fhu@localhost 09:20 ~/Downloads/testrepo]$ git commit -m 'update | add aaa.txt'
[main 9e7e52c] update | add aaa.txt
1 file changed, 1 insertion(+)
create mode 100644 aaa.txt
26 [fhu@localhost 09:26 ~/Downloads/testrepo]$ git push origin main # 该方式会直接合并,生产环境不建议使用
Enumerating objects: 4, done.
Counting objects: 100% (4/4), done.
Compressing objects: 100% (2/2), done.
Writing objects: 100% (3/3), 305 bytes | 305.00 KiB/s, done.
Total 3 (delta 0), reused 0 (delta 0), pack-reused 0
remote: Processing changes: refs: 1, done
To ssh://192.168.70.39:29418/testrepo
9ddb4c6..9e7e52c main -> main
(2)提交审核后同步同步
- 提交的命令变为
git push -u origin HEAD:refs/for/<branch_name>格式 refs/for/*会将变更提交放到暂存区中,等待代码审核和集成验证
17 [fhu@localhost 09:34 ~/Downloads/testrepo]$ vim aaa.txt
18 [fhu@localhost 09:35 ~/Downloads/testrepo]$ git status
On branch main
Your branch is up to date with 'origin/main'.
Changes not staged for commit:
(use "git add <file>..." to update what will be committed)
(use "git restore <file>..." to discard changes in working directory)
modified: aaa.txt
no changes added to commit (use "git add" and/or "git commit -a")
19 [fhu@localhost 09:35 ~/Downloads/testrepo]$ git add aaa.txt
20 [fhu@localhost 09:35 ~/Downloads/testrepo]$ git commit -m 'update | add 222 to aaa.txt'
[main 46f2140] update | add 222 to aaa.txt
1 file changed, 4 insertions(+)
21 [fhu@localhost 09:35 ~/Downloads/testrepo]$ git push -u origin HEAD:refs/for/main
Enumerating objects: 5, done.
Counting objects: 100% (5/5), done.
Compressing objects: 100% (2/2), done.
Writing objects: 100% (3/3), 318 bytes | 318.00 KiB/s, done.
Total 3 (delta 0), reused 0 (delta 0), pack-reused 0
remote: Processing changes: refs: 1, new: 1, done
remote:
remote: SUCCESS
remote:
remote: http://192.168.70.39:8083/c/testrepo/+/1 update | add 222 to aaa.txt [NEW]
remote:
To ssh://192.168.70.39:29418/testrepo
* [new reference] HEAD -> refs/for/main
4)查看变动
在登录界面的CHANGES栏目下可以看到提交的状态(Open、Merged和Abandoned)
这里可以看到改动正处于Open状态下。
-
点击
Subject可以查看具体信息
5)人工审核
- 默认只有Project Owners和Administrator群组用户拥有“Code-Review”选项+2的权限(提交通过)
- 普通用户的“Code-Review”选项只能选择+1(审核建议)
- review代码
- 审核通过后,commit状态变更
- 审核通过后,commit从Open转换到Merged
6)查看gitlab中变化
- 审核通过,merge以后,同步到了gitlab中
9、问题记录
1)客户端执行git commit命令时报错
- 原因是git版本太低,升级到2.x版本
17 [root@localhost 11:00 ~/Downloads/testrepo]# git commit -m 'update '
git: 'interpret-trailers' is not a git command. See 'git --help'.
git: 'interpret-trailers' is not a git command. See 'git --help'.
cannot insert Signed-off-by sentinel line in .git/COMMIT_EDITMSG
# 安装git-2.40.0
# 1. 安装依赖
yum install -y curl-devel expat-devel openssl-devel gcc gcc-c++
# 2. 安装git
tar -zxvf git-2.40.0.tar.gz
cd git-2.40.0/
make prefix=/usr/local/git all
make prefix=/usr/local/git install
# 3. 配置环境变量
# vim /etc/profile.d/custom.sh, 添加以下内容:
export PATH=/usr/local/git/bin:$PATH
# 4. 当前terminal加载环境变量
source /etc/profile.d/custom.sh
博客内容仅供参考,部分参考他人优秀博文,仅供学习使用
